Apache Shiro Authentication Bypass Vulnerability (CVE-2020-17523)

Published: 2021-02-02

0x00 Vulnerability Overview

CVE ID: CVE-2020-17523
Date: 2021-02-02
Type: Authentication bypass
Severity: Medium
Remotely exploitable: Yes
Affected scope: Apache Shiro < 1.7.1

0x01 Vulnerability Details


Apache Shiro is a powerful and easy-to-use Java security framework that supports authentication, authorization, cryptography, and session management. With Shiro's API, any application can be secured quickly and easily.

On February 1, 2021, Apache Shiro released version 1.7.1, which fixes an authentication bypass vulnerability in Apache Shiro (CVE-2020-17523). When Apache Shiro is used together with Spring, an attacker can use a malicious HTTP request to bypass Shiro's authentication. An attacker who successfully exploits this vulnerability can bypass authentication and gain access to the application's backend.

 

0x02 Remediation Advice

The vulnerability has been fixed. Upgrading to Apache Shiro 1.7.1 is recommended.

Download link:

https://shiro.apache.org/download.html
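
To find deployments that still ship an affected release, the following added example (not part of the original advisory or of the Shiro project) scans a WAR or Spring Boot fat jar for bundled Shiro jars older than 1.7.1. It assumes Maven-style jar names (shiro-<module>-<version>.jar); the sample archive and its entry names are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (1, 7, 1)  # first fixed release named in the advisory
JAR_RE = re.compile(r"(?:^|/)(shiro-[a-z0-9-]+?)-(\d+(?:\.\d+)*)(-[A-Za-z0-9.]+)?\.jar$")


def parse_version(text):
    """Turn '1.5' into (1, 5, 0) so versions compare component by component."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def affected_jars(paths):
    """Return sorted (artifact, version, path) for Shiro jars older than FIXED."""
    hits = []
    for path in paths:
        m = JAR_RE.search(path.replace("\\", "/"))
        if not m:
            continue
        artifact, version, qualifier = m.group(1), m.group(2), m.group(3) or ""
        parsed = parse_version(version)
        # A qualified build of the fixed version (1.7.1-SNAPSHOT) predates the release.
        if parsed < FIXED or (parsed == FIXED and qualifier):
            hits.append((artifact, version + qualifier, path))
    return sorted(hits)


def scan_archive(fileobj):
    """List affected Shiro jars bundled in a WAR or Spring Boot fat jar."""
    with zipfile.ZipFile(fileobj) as zf:
        return affected_jars(zf.namelist())


def build_sample_archive():
    """Constructed sample: an in-memory fat jar holding empty placeholder entries."""
    names = ["shiro-core-1.5.3.jar", "shiro-spring-1.7.0.jar",
             "shiro-web-1.7.1.jar", "spring-web-5.2.9.RELEASE.jar"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr("BOOT-INF/lib/" + name, b"")
    return buf


if __name__ == "__main__":
    for artifact, version, path in scan_archive(build_sample_archive()):
        print(f"AFFECTED {artifact} {version} ({path})")
```

Pass scan_archive an open file object for a real artifact (opened in binary mode) to check it; jars shaded or renamed at build time will not match the name pattern and need a separate check.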

 

0x03 References

https://lists.apache.org/thread.html/r13fe9ddc4ebdbf17db22cf1dd2776144bf9fdbfbdf2887a0385538aa%40%3Ccommits.shiro.apache.org%3E

https://shiro.apache.org/news.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17523

 

0x04 Timeline

2021-02-01  Apache Shiro released the security update

2021-02-02  VSRC published the security advisory

 

0x05 Appendix

Official CVSS scoring standard website: http://www.first.org/cvss/
